Hiding Server Version
When a website is accessed, some server programs transmit additional information, such as the version of the server software, the operating system, or the plug-ins in use.
Attackers could use this information to exploit vulnerabilities of the software used. You can make it harder for attackers by hiding any sensitive information.
Hiding Apache Server Version
There are settings for the frequently used Apache web server that prevent sensitive information from being released.
Open your Apache web server configuration and apply the following settings:
ServerTokens Prod
ServerSignature Off
Some Apache web servers are configured to deliver a detailed status report as a website. In this case, proceed as follows:
- Check if your web server offers a status report.
To do this, enter your domain in your browser followed by /server-info (e.g. http://example.com/server-info).
If a page with technical information about your web server appears, your web server is vulnerable.
- Look for the following block in your web server configuration:
<Location "/server-status">
    SetHandler server-status
</Location>
- Adjust the configuration so that the page is not publicly accessible:
<Location "/server-status">
    SetHandler server-status
    # Apache 2.2 access syntax; Apache 2.4 without mod_access_compat uses "Require all denied" instead.
    Order deny,allow
    Deny from all
</Location>
- Restart the Apache web server to load the customized configuration.
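A self-check for the settings above, added here as an example (not part of the original article and not Apache's own tooling): it flags a Server header or error-page footer that still discloses version details, and a status page that answers publicly. The marker strings, the `fetch` helper and the sample responses are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request

STATUS_PATHS = ("/server-status", "/server-info")  # paths named in this article
# Heuristic page headings used to recognise the report pages (assumption).
STATUS_MARKERS = ("Apache Server Status", "Apache Server Information")

def fetch(base_url, path):
    """Fetch one path from a server you operate: (status, Server header, body)."""
    try:
        with urllib.request.urlopen(base_url + path, timeout=5) as r:
            return r.status, r.headers.get("Server", ""), r.read(65536).decode("latin-1")
    except urllib.error.HTTPError as e:  # 403/404 responses still carry headers and a body
        return e.code, e.headers.get("Server", ""), e.read(65536).decode("latin-1")

def audit(path, status, server, body):
    """Return a list of findings for one response."""
    findings = []
    # ServerTokens Prod reduces the header to the bare product name ("Apache").
    if re.search(r"/\d|\(", server):
        findings.append("Server header discloses version/OS: " + server)
    # ServerSignature Off removes the <address> footer from server-generated pages.
    if re.search(r"<address>.*Server at .* Port \d+</address>", body):
        findings.append("ServerSignature footer present on " + path)
    # A 200 response with a report heading means the page is reachable without restriction.
    if path in STATUS_PATHS and status == 200 and any(m in body for m in STATUS_MARKERS):
        findings.append(path + " is publicly accessible")
    return findings

# Constructed sample responses (illustrative, not captured from a real server).
SAMPLES = [
    ("/missing", 404, "Apache/2.4.41 (Ubuntu)",
     "<h1>Not Found</h1><address>Apache/2.4.41 (Ubuntu) Server at example.com Port 80</address>"),
    ("/server-status", 200, "Apache", "<h1>Apache Server Status for example.com</h1>"),
    ("/server-status", 403, "Apache", "<h1>Forbidden</h1>"),
]

if __name__ == "__main__":
    for path, status, server, body in SAMPLES:
        print(path, status, audit(path, status, server, body) or "ok")
```

To check your own server after the restart, pass the result of `fetch("http://example.com", path)` to `audit` for an error page and for each path in `STATUS_PATHS`.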
Please refer to the official Apache documentation for further information.